Author: Weirong Jiang and Viktor K. Prasanna Publisher: ACM Symposium on Parallel Algorithms and Architectures, SPAA 2009 Presenter: Chin-Chung Pan Date:

Presentation transcript:

Author: Weirong Jiang and Viktor K. Prasanna Publisher: ACM Symposium on Parallel Algorithms and Architectures, SPAA 2009 Presenter: Chin-Chung Pan Date: 2009/10/14

Outline
  Introduction
  Analysis of Snort Header Rule Sets
  Algorithms and Architecture
    The Field-Split Bit Vector (FSBV) Algorithm
    Basic Architecture
    Supporting Snort Features
  Performance Evaluation

Introduction
Traditional network applications such as firewall processing require reporting only the highest-priority matching rule, which we call best-match packet classification. In contrast, network intrusion detection systems (NIDS) need multi-match packet classification to find all rule headers that match a given packet. Our work focuses on multi-match packet header classification in NIDS.

Analysis of Snort Header Rule Sets

Algorithms and Architecture

Algorithms and Architecture - The Field-Split Bit Vector (FSBV) Algorithm
[Figure: Applying the FSBV algorithm for matching the DP field of a packet against three rules.]

Algorithms and Architecture - Basic Architecture

Algorithms and Architecture - Supporting Snort Features
We examined the usage of the features unique to Snort rules: the value list, the negation operator, and the range operator for port fields.
The negation operator "!": for example, ![60,80] indicates any port number except 60 and 80.
The range operator: for example, 60:80 indicates port numbers from 60 to 80.

Algorithms and Architecture - Supporting Snort Features

[Figure: a rule set with a 4-bit DP field for rules R1 to R4, including the range 7~9 and the ternary strings 0111 and 100*; panels "Rule Set", "Build bit vectors" and "Perform match" for the DP of the input packet, with AND (&) and OR operations.]

Algorithms and Architecture - Supporting Snort Features
If, among N rules, a field of the i-th rule is specified as a list of M values, the i-th bit of every bit vector for this field is expanded to M bits.
[Figure labels: N bits, N+M-1 bits]

Algorithms and Architecture - Supporting Snort Features
Most port fields are specified as a single value. Over 85% of the unique values for SP/DP fields are specified as a single value, while only around 10% of port field values are specified as ranges. The current Snort rule set uses few value lists.
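
An added example, not code from the slides or the paper: a software model of bit-vector multi-match on one port field, with ranges split into ternary strings, each list value given its own bit, and negation applied after the per-rule OR. The function names, the sample rule list and the placement of the negation step are assumptions made for illustration.

```python
# Added illustration; names and sample rules are assumptions, not from the slides.
W = 16  # port field width in bits
RULES = ["80", "60:80", "![60,80]", "any", "[21,22,8000:8080]"]  # constructed

def range_to_prefixes(lo, hi, width=W):
    """Split [lo, hi] into ternary strings, e.g. 7~9 (4-bit) -> 0111, 100*."""
    out = []
    while lo <= hi:
        size = lo & -lo if lo else 1 << width   # largest block aligned at lo
        while size > hi - lo + 1:               # shrink until it fits the range
            size >>= 1
        k = size.bit_length() - 1               # number of wildcard bits
        head = format(lo >> k, "b").zfill(width - k) if k < width else ""
        out.append(head + "*" * k)
        lo += size
    return out

def parse_port_spec(spec, width=W):
    """Snort-style port field -> (negated, ternary strings)."""
    strings = []
    for item in spec.lstrip("!").strip("[]").split(","):
        lo, sep, hi = item.replace("any", ":").partition(":")  # "any" = 0:65535
        lo_v = int(lo) if lo else 0
        hi_v = int(hi) if hi else ((1 << width) - 1 if sep else lo_v)
        strings += range_to_prefixes(lo_v, hi_v, width)
    return spec.startswith("!"), strings

def build(rules, width=W):
    """Two bit vectors per field bit; one column (bit) per ternary string."""
    cols, neg = [], []                  # cols[c] = index of the owning rule
    bv = [[0, 0] for _ in range(width)]
    for r, spec in enumerate(rules):
        negated, strings = parse_port_spec(spec, width)
        neg.append(negated)
        for s in strings:
            for j, ch in enumerate(s):
                for b in (0, 1):
                    if ch in ("*", str(b)):
                        bv[j][b] |= 1 << len(cols)
            cols.append(r)
    return bv, cols, neg

def match(table, port, width=W):
    """AND the vector selected by each port bit, OR columns per rule, negate."""
    bv, cols, neg = table
    acc = (1 << len(cols)) - 1
    for j in range(width):
        acc &= bv[j][(port >> (width - 1 - j)) & 1]
    hit = {r for c, r in enumerate(cols) if acc >> c & 1}
    return [r for r in range(len(neg)) if (r in hit) != neg[r]]
```

`match(build(RULES), port)` returns the indices of every rule whose port field matches, which is the multi-match result the introduction contrasts with best-match classification.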

Performance Evaluation - Results on Synthetic Rules

Performance Evaluation - Results on Snort Rules